Hello everyone,
- I am using the dead letter queue and, based on some filters, I want to index all the processed events to ES.
- In the output section of the DLQ I am using index => "index-prod-l%{+YYYYMMdd}" to create dynamic indices based on date and time.
- But when I ran this I got the error => [FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<LogStash::Error: timestamp field is missing>, :backtrace=>["org/logstash/ext/JrubyEventExtLibrary.java:177:in `sprintf'", ... and hence Logstash got terminated.
- At the same time, the same index-name logic works with the main pipeline and creates new indices on ES on a daily basis.
- And when I change the index name logic to index => "index-1" in the DLQ conf, the index got created on ES and the processed events also got indexed on ES.
- So is there a way to check whether @timestamp is present or not and, if not, is there a way to add it to the event?
- Logstash version => 6.5.4, Elasticsearch version => 6.6.0, and Kibana version => 6.6.1
Thanks in advance!
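
One way to do the check asked about above, as an added example that is not part of the original post: a DLQ pipeline that tests for `@timestamp` in the filter stage and sets it before the date-based index name is resolved. The DLQ path, `pipeline_id`, Elasticsearch host and the tag name `timestamp_synthesized` are assumptions; only the index pattern comes from the post.

```logstash
# Added example: DLQ pipeline that guarantees @timestamp exists before
# the output formats the date-based index name.
input {
  dead_letter_queue {
    path => "/path/to/data/dead_letter_queue"  # placeholder path (assumption)
    pipeline_id => "main"                      # assumed: DLQ written by the main pipeline
    commit_offsets => true                     # do not re-read entries after a restart
  }
}

filter {
  # %{+YYYYMMdd} is formatted from @timestamp, so an event without that
  # field makes sprintf raise "timestamp field is missing".
  if ![@timestamp] {
    ruby {
      # Stamp the event with the time of reprocessing.
      code => "event.set('@timestamp', LogStash::Timestamp.now)"
      # Hypothetical tag name: keeps synthesized timestamps distinguishable
      # from timestamps that came with the original event.
      add_tag => ["timestamp_synthesized"]
    }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]                # assumed host
    index => "index-prod-l%{+YYYYMMdd}"        # index pattern from the post
  }
}
```

Events carrying the tag were indexed under the reprocessing date rather than their original event time, which matters when the index is later used to reconstruct a timeline.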